驱动程序挂钩ZwQueryDirectoryFile导致蓝屏 [英] Driver hooking ZwQueryDirectoryFile causes Blue Screen

问题描述

我写了一个挂钩ZwQueryDirectoryFile并隐藏文件"o.txt" 的驱动程序，但是当我直接使用其名称访问"o.txt" 时(当然，例如，当我尝试使用> del o.txt在命令提示符下将其删除时，系统崩溃，我看到了蓝屏.

我应该怎么办?我也应该在SSDT中挂接另一个功能吗?

我使用Visual Studio 2010，并且为Windows XP开发了驱动程序.
P.S.我所做的事情只有教育目的.

谢谢.

Hi,

I wrote a driver which hooks ZwQueryDirectoryFile and hides a file, "o.txt", but when I access "o.txt" directly using its name (which of course I know), for instance, when I try to delete it in command Prompt using >del o.txt ,the system crashes and I see the blue screen.

What should I do? Should I hook another function in SSDT as well?

I use Visual Studio 2010 and I developed my driver for Windows XP.
P.S. There''s only educational purpose behind what I am doing.

Thank you.

推荐答案

您应该开始学习如何调试驱动程序以及进行驱动程序崩溃分析.一个不错的起点: http://www.dedoimedo.com/computers/windows-bsod.html [ ^ ].您可以在Internet上找到许多与此主题相关的文章，技术和工具.

You should start learning how to debug your driver and do driver crashes analysis. A good place to start with: http://www.dedoimedo.com/computers/windows-bsod.html[^]. You will find many articles, technics and tools there on the Internet regarding this topic.

这篇关于驱动程序挂钩ZwQueryDirectoryFile导致蓝屏的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！